1. Field of the Invention
This invention relates to data encryption, and more particularly to an improved method and apparatus for encrypting and decrypting data signals with a randomly offset pseudorandom encoding sequence to provide increased security for transmitting data over an unsecured public channel.
2. Description of the Background Art
Data encryption is a function that ensures the privacy of a digital communication by preventing an unauthorized receiver from understanding the contents of a transmitted message. A conventional "symmetric secret key" cryptosystem is generally illustrated in FIG. 1(a). A transmitter transforms a plain text message into ciphertext using an invertible encryption transformation. This transformation is a function of the plain text input message and a secret key which is shared by both the transmitter and the receiver. The ciphertext is then transmitted over an unsecured public channel and the intended receiver of the message, also in possession of the secret key, applies the inverse transformation to decrypt the ciphertext and recover the original plain text message. The secret key is communicated to an authorized user through a secure channel (for example, a secure Key Exchange Algorithm) or through a public channel (for example, a Public Key Distribution System) and the secret key effectively dictates a specific encryption transformation from a family of cryptographic transformations. In general, any station in possession of the secret key may encrypt or decrypt messages.
A conventional cryptosystem can be said to exhibit "unconditional security" if the secret key is as long as the ciphertext message, each secret key is used only once, and all secret keys are equally likely. However, since most systems can be expected to transmit a large number of messages, the problem of distributing the secret key information becomes formidable. Most practical cryptosystems have short secret keys compared to the length of a message. The lessened security resulting from short secret keys is compensated for by relying on the complexity of the way that the secret key is combined with the data.
A particular example of a conventional cryptosystem, hereafter referred to as an electronic codebook, is generally illustrated in FIG. 1(b). The electronic codebook involves the use of a secret key that is shared by both the transmitter and the receiver. The transmitter utilizes the secret key to generate a deterministic, apparently random sequence of binary digits or numbers using a Pseudorandom Number (PN) generator. An essential feature of the PN generator is that with a specific secret key input, a unique PN sequence of arbitrary length may be generated. The PN sequence is then combined with the binary representation of the plain text message to be encrypted to produce a sequence of ciphertext. The combination of the PN sequence and the plain text must be accomplished using an invertible function. An invertible function is one that has a known inverse such that when the inverse function is applied to the ciphertext the original plain text can be extracted. For example, two's complement addition or bit-wise exclusive-OR (XOR) are two widely used invertible functions, although other functions can be employed.
Decoding of the encrypted ciphertext may be performed by the receiver using a method identical to that used by the transmitter. Ciphertext is received from the transmitter and combined, using a logical XOR gate, with a pseudorandom sequence generated by a PN generator identical to that used in the transmitter. The essence of the electronic codebook system is that an encryption secret key is used to generate a pseudorandom sequence on the transmitter side, and the identical sequence is then generated in the receiver when the same encryption secret key is applied to the receiver PN generator. The XOR gate in the receiver provides the inverse function of the XOR gate in the transmitter so that logical combination of the ciphertext and the PN sequence in the receiver produces the same plain text that was originally encoded by the transmitter.
The conventional cryptosystem poses a number of problems, including inefficiencies associated with using the secret key only once, and the concomitant challenge of distributing new secret keys over clear channels. A system for variable-overhead cached encryption, as described in copending application Ser. No. 08/110,402, addresses the high overhead that results from generating PN sequences that are used only once to maximize security for transmitting data over public use lines. The system provides a means for storing and reusing PN sequences in order to increase the transmission rate of messages through a cryptosystem. A transmitter combines a secret key with an initialization vector (IV), using an XOR operation, to produce a temporal key. The temporal key is then used as an input to a pseudorandom number (PN) generator to produce a unique PN sequence of binary digits for each new temporal key. The IV, together with its corresponding PN sequence, is stored in a cache, and the PN sequence is iteratively reused, as determined by a counter, to encrypt one or more plain text messages.
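The cached scheme described above, sketched as an added example (not code from this patent or the copending application). Assumptions: SHAKE-256 stands in for the unspecified PN generator, the IV travels alongside the ciphertext, and the class names, `max_uses` and `seq_len` are hypothetical. The last check shows what reuse from the same starting point costs: the XOR of two ciphertexts equals the XOR of their plain texts.

```python
import hashlib
import os

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bit-wise XOR, truncated to the shorter input (the invertible combiner)."""
    return bytes(x ^ y for x, y in zip(a, b))

def pn_sequence(temporal_key: bytes, length: int) -> bytes:
    # Stand-in PN generator (assumption): SHAKE-256 expands the temporal key
    # into a deterministic sequence of the requested length.
    return hashlib.shake_256(temporal_key).digest(length)

class Transmitter:
    def __init__(self, secret_key: bytes, max_uses: int = 2, seq_len: int = 64):
        self.secret_key, self.max_uses, self.seq_len = secret_key, max_uses, seq_len
        self.iv, self.seq, self.uses = None, b"", 0

    def encrypt(self, plaintext: bytes):
        if len(plaintext) > self.seq_len:
            raise ValueError("message longer than the cached PN sequence")
        if self.iv is None or self.uses >= self.max_uses:
            # Counter expired: new IV -> new temporal key -> new PN sequence.
            self.iv = os.urandom(len(self.secret_key))
            temporal_key = xor_bytes(self.secret_key, self.iv)
            self.seq, self.uses = pn_sequence(temporal_key, self.seq_len), 0
        self.uses += 1
        return self.iv, xor_bytes(plaintext, self.seq)

class Receiver:
    def __init__(self, secret_key: bytes, seq_len: int = 64):
        self.secret_key, self.seq_len = secret_key, seq_len
        self.cache = {}  # IV -> PN sequence, so reuse costs no regeneration

    def decrypt(self, iv: bytes, ciphertext: bytes) -> bytes:
        if iv not in self.cache:
            temporal_key = xor_bytes(self.secret_key, iv)
            self.cache[iv] = pn_sequence(temporal_key, self.seq_len)
        return xor_bytes(ciphertext, self.cache[iv])

if __name__ == "__main__":
    key = bytes(range(16))  # constructed sample key
    tx, rx = Transmitter(key), Receiver(key)
    msgs = [b"PAY 100 TO ALICE", b"PAY 900 TO CAROL", b"THIRD MESSAGE..."]
    sent = [tx.encrypt(m) for m in msgs]
    assert [rx.decrypt(iv, c) for iv, c in sent] == msgs
    # Messages 1 and 2 shared one sequence from offset 0, so the sequence
    # cancels: XOR of the ciphertexts equals XOR of the plain texts.
    print(xor_bytes(sent[0][1], sent[1][1]) == xor_bytes(msgs[0], msgs[1]))
```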
What is needed is a codebook encryption scheme that repeatedly reuses PN sequences to maximize efficiency yet varies the starting point at which the sequences are reused to reduce the likelihood of being decoded.